This invention generally relates to a method and system for a person to securely and reliably delegate or authorize the execution of a financial transaction to another person, and for reliably verifying the identity of the person to whom the financial transaction has been delegated or authorized. For example, it relates to a commercial bank where a bank customer, i.e., a person who holds an account with the bank, delegates or authorizes another individual to perform one or more transactions against the customer's account.
The processes involved in banking transactions have improved significantly in the past several years due to automation and network communication. However, currently, there is no reliable and secure way for an individual to delegate or authorize another individual to perform a banking transaction. For example, at present, a bank customer cannot reliably and securely delegate or authorize another individual to cash a check, or withdraw funds from his or her bank account if the bank customer is unable to go to the bank. At present, to conduct the above transaction, the bank customer has to delegate or authorize another individual to perform the above transaction on his or her behalf; thereafter, the delegated individual has to counter-sign the check in the bank customer's branch for signature verification to complete the above transaction. However, the bank cannot guarantee that the bank customer actually signed the check before the check was given to the delegated or authorized individual, as the bank can only manually verify the bank customer's signature against an archived signature of the bank customer. This manual verification also cannot guard against the event where the bank customer's check was stolen and where the signature of the bank customer was thereafter forged on the stolen check.
Where the financial institution is a bank, and where the financial transaction is delegated or authorized by the bank customer to another individual, the bank may attempt to contact the bank customer via telephone to validate the transaction. In some instances, the bank may require that the individual authorized or delegated by the customer have an account with the bank to protect the financial institution in the event of fraud. In either case, it is almost impossible for the delegated or authorized individual to go to any branch of the financial institution other than the branch where the account was opened to conduct the transaction, if the delegated or authorized individual does not have an account with that financial institution. The above verification methods are unreliable, time-consuming and inherently subject to fraud.
In one conventional approach, the biometric data of the individual whose identity is to be authenticated is captured on a smart card. The smart card encrypts the biometric data and transmits it to a remote host server for authentication and authorization. The e-commerce transaction system comprises a wireless communication device for transmitting and receiving data and a contact-less smart card reader.
The above approach for biometric delegation and authorization of the bank customer does not provide a method or system for reliably verifying the identity of the delegated individual and for authorizing a transaction from one smart card to another smart card, and an adequate level of authentication and authorization. There is an unsatisfied need in the market for a secure financial transaction delegation or authorization process.
The present invention uses a smart card and biometric scanner or reader. The smart card may hold personal information regarding an individual, for example the individual's photo image, bank account information, etc., and the individual's biometric profile, for example, a set of fingerprint templates. Fingerprint templates are commonly used to authenticate the identity of the smart card holder. Only one individual can be authenticated as the owner of a smart card. For a banking delegation or authorization, or an authentication process, the bank customer writes the relevant information regarding a checking or savings account transaction to a remote backend host server and/or in the delegated individual's smart card, using a biometric scanner or reader controlled by a host application. If the delegated individual is not available to allow the delegated transaction to be written into the delegated individual's smart card using the biometric scanner or reader, the delegation or authorization transaction information is written by the bank customer to the back-end host server. The transaction information may consist of an amount, check number, delegated transaction expiration date, etc. The delegated or authorized individual can now transact the delegated transaction at any branch of the customer's bank; After verifying the delegated or authorized individual's identity, the bank personnel can reliably process the transaction. The information stored in the delegated or authorized individual's smart card is secure since only the bank customer can write the delegated or authorized transaction into the delegated or authorized individual's smart card. Furthermore, information stored in the smart card of the delegated or authorized individual is accessible only after a successful authentication of the owner of the smart card.
In another embodiment of this invention, only a biometric device is used to create the delegation or authorization records. In this scenario, the biometric device holds the device owner's biometric profile information with a unique biometric profile code which is used to access the device owner's personal and account information. Upon successful authentication of the biometric device owner, the associated biometric profile code is used to retrieve the device owner's account information for delegation or authorization. To process a delegation or authorization, the delegated or authorized person is authenticated using the delegated or authorized individual's biometric device, and the associated biometric profile code is used to retrieve the delegated or authorized transaction.
The delegation or authorization process, authentication of the delegated or authorized individual, and delegated transaction execution encompasses four major processes—enrollment, delegation or authorization, processing, and card recreation. This invention is directed to the above four processes.